Vortex
Vortex is ransomware that runs on Microsoft Windows. It is aimed at Polish-speaking users. It was developed with AESxWin.

Payload Transmission

Vortex is distributed through email spam and malicious attachments, exploits, fake updates, and repackaged and infected installers.

Infection

Following successful infiltration, Vortex encrypts various files using AES-256 cryptography and appends the ".aes" (or ".ZABLOKOWANE") extension to the name of each encrypted file. For example, a file such as "sample.jpg" might be renamed to "sample.jpg.aes". Once the files are encrypted, Vortex creates a text file ("ODZSZYFRUJ-DANE.txt" or "#$# JAK-ODZYSKAC-PLIIKI.txt") and places it on the desktop. The text file contains a ransom-demand message in Polish stating that the files are encrypted and that the only way to restore them is to purchase a unique decryption key.

Because Vortex employs AES cryptography, as mentioned above, the claim that files cannot be restored without the key is unfortunately accurate. The cyber criminals (developers of Vortex ransomware) store this key on a remote server and generate revenue by blackmailing victims to receive it. The ransom is $199. To submit payment, victims are encouraged to contact the criminals via the email addresses provided ("rsapl@openmailbox.org" or "polskiransom@airmail.cc") and to follow the instructions. Victims are also permitted to attach two selected files, which are then decrypted and returned, presumably as proof that decryption is possible.

Text presented within the Vortex ransomware text file ("ODZSZYFRUJ-DANE.txt"):

ᏉᎾᏒᏆᎬx ᏒᎪᏁsᎾmᎳᎪᏒᎬ

Nie możesz znaleźć potrzebnych plików na dysku twardym ? Zawartość Twoich plików jest nie do otwarcia? Jest to skutek działania programu który zaszyfrował większość Twoich danych przy pomocy silnego alogrytmu AES-256, używanego min. przez służby mundurowe do zatajania danych przesyłanych drogą elektroniczną.
Jedyna metoda aby odzyskać Twoje pliki to wykupienie od nas programu deszyfrującego, wraz z jednorazowym kluczem wygenerowanym unikalnie dla Ciebie! Gdy już postanowisz odzyskać swoje dane skontaktuj się z nami pod adrem e - mail: rsapl@openmailbox.org lub polskiransom@airmail.cc 2 Pliki odszyfrujemy za darmo aby udowodnić że jesteśmy w stanie tego dokonać, Za resztę niestety musisz zapłacić ! Cena za odszyfrowanie wszystkich plików: 199$ Uwaga !Nie marnuj czasu, czas to pieniądz za 4 dni cena wzrośnie o 100 % !

Which translates to:

ᏉᎾᏒᏆᎬx ᏒᎪᏁsᎾmᎳᎪᏒᎬ

Can't find the files you need on your hard drive? The contents of your files cannot be opened? This is the result of a program that has encrypted most of your data using the strong AES-256 algorithm, used, among others, by the uniformed services to conceal data sent electronically.

The only way to recover your files is to buy a decryption program from us, along with a one-time key generated uniquely for you! Once you decide to recover your data, please contact us at the following email address: rsapl@openmailbox.org or polskiransom@airmail.cc. We will decrypt 2 files for free to prove that we are able to do it; unfortunately, you have to pay for the rest! Price for decrypting all files: 199$. Note: Don't waste time, time is money; in 4 days the price will increase by 100%!
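
The on-disk indicators described under Infection (the appended extensions and the ransom-note file names) can be turned into a triage check over a file listing. The following Python is an added example, not code from the original page; the `triage` function, its verdict thresholds and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Indicators taken from the article text above (compared case-insensitively).
ENCRYPTED_SUFFIXES = {".aes", ".zablokowane"}
RANSOM_NOTES = {"odzszyfruj-dane.txt", "#$# jak-odzyskac-pliiki.txt"}


def triage(paths):
    """Classify a file listing (iterable of Windows path strings).

    Returns the ransom notes found, renamed files mapped to their probable
    original names, and a coarse verdict. The verdict thresholds are an
    assumption of this example, not something the article defines.
    """
    notes, renamed = [], {}
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any host OS
        if p.name.lower() in RANSOM_NOTES:
            notes.append(raw)
            continue
        if p.suffix.lower() in ENCRYPTED_SUFFIXES:
            original = p.with_suffix("")  # strip only the appended extension
            # "sample.jpg.aes" keeps an inner extension; a bare "backup.aes"
            # does not and may be an unrelated file, so it is not counted.
            if original.suffix:
                renamed[raw] = str(original)
    if notes and renamed:
        verdict = "likely"      # note plus renamed files
    elif notes or renamed:
        verdict = "possible"    # only one kind of indicator present
    else:
        verdict = "none"
    return {"verdict": verdict, "notes": notes, "renamed": renamed}


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\anna\Desktop\ODZSZYFRUJ-DANE.txt",
    r"C:\Users\anna\Pictures\sample.jpg.aes",
    r"C:\Users\anna\Documents\umowa.docx.ZABLOKOWANE",
    r"C:\Users\anna\Documents\backup.aes",
    r"C:\Users\anna\Documents\notatki.txt",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["verdict"])
    for enc, orig in result["renamed"].items():
        print(f"{enc} -> {orig}")
```

The `renamed` mapping gives responders the list of affected files and their pre-encryption names, which helps scope which backups need to be restored.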